felhom.eu

admin/felhom.eu

Fork 0

Commit Graph

Author	SHA1	Message	Date
admin	15c4728e2c	doc(03-host-agent): slice-7 bring-up front half + golden host-key unit implemented §9: the provision front half, guest-loss DR front half, and golden recipe are now implemented (agent v0.8.0, internal/reconcile/bringup.go; configs/build-golden.sh). Identity reset settled + implemented: provision resets MAC (unconditional, F1) + hostname host-side; machine-id + SSH host keys regenerate guest-side (systemd + the baked first-boot felhom-regen-hostkeys unit, F3) — agent stays host-side-only. Slice mapping table statuses updated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-09 21:37:54 +02:00
admin	e7ed8a8483	doc(03-host-agent): slice-7 scope, scenario-specific identity-reset, PBS escrow (§8a) - §9 rewritten: bring-up is a shared FRONT HALF only; identity-reset policy is scenario-specific (provision = fresh everything; guest-loss DR = preserve restic/tunnel/hub continuity, reset only collision-prone host-local identity). Added the slice 7/8/10 mapping table. - NEW §8a: PBS recovery-code escrow (zero-knowledge) — live key on box; agent-generated recovery code R; PBS-native passphrase-wrap of K under R escrowed to hub; consumption slice 10; irreducible-residual + rotation != key-rotation stated. - §13 updated (resolved: provision/DR slice boundary + escrow design; open: identity-reset set, hub-side escrow storage + restore-mode serving). Doc-only; no version bump. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-09 20:25:11 +02:00
admin	715f644bf0	moved documentation to felhom.eu	2026-06-08 13:50:14 +02:00

Author

SHA1

Message

Date

admin

15c4728e2c

doc(03-host-agent): slice-7 bring-up front half + golden host-key unit implemented

§9: the provision front half, guest-loss DR front half, and golden recipe are now
implemented (agent v0.8.0, internal/reconcile/bringup.go; configs/build-golden.sh).
Identity reset settled + implemented: provision resets MAC (unconditional, F1) +
hostname host-side; machine-id + SSH host keys regenerate guest-side (systemd + the
baked first-boot felhom-regen-hostkeys unit, F3) — agent stays host-side-only. Slice
mapping table statuses updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-09 21:37:54 +02:00

admin

e7ed8a8483

doc(03-host-agent): slice-7 scope, scenario-specific identity-reset, PBS escrow (§8a)

- §9 rewritten: bring-up is a shared FRONT HALF only; identity-reset policy is
  scenario-specific (provision = fresh everything; guest-loss DR = preserve
  restic/tunnel/hub continuity, reset only collision-prone host-local identity).
  Added the slice 7/8/10 mapping table.
- NEW §8a: PBS recovery-code escrow (zero-knowledge) — live key on box; agent-generated
  recovery code R; PBS-native passphrase-wrap of K under R escrowed to hub; consumption
  slice 10; irreducible-residual + rotation != key-rotation stated.
- §13 updated (resolved: provision/DR slice boundary + escrow design; open: identity-reset
  set, hub-side escrow storage + restore-mode serving).

Doc-only; no version bump.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-09 20:25:11 +02:00

admin

715f644bf0

moved documentation to felhom.eu

2026-06-08 13:50:14 +02:00

3 Commits